ICANN (Internet Corporation for Assigned Names and Numbers) controls the “root name servers”, the servers for each top level domain (e.g. .gov or .com) hold the authoritative lists of what other servers are allowed to be name servers for that top level domain. The name servers are the ones that say that “[randomperson.com](https://randomperson.com)” belongs to you and not me. They are generally operated by the domain registry companies (e.g. GoDaddy).

There is no one, single, universally accepted directory of URLs. It’s spread across many servers & databases. There *is* one universally accepted protocol for how to decide who controls what, and that’s run by ICANN.

ICANN was created by the US government in 1998 to take over for prior work being done by the academics who worked on ARPANET (the internet’s predecessor).

It didn’t *become* the only table of contents, it *is* the only table of contents.

The Internet Corporation for Assigned Names and Numbers (ICANN) is the non-profit organization that oversees the assignment of both IP addresses and domain names.

I HIGHLY recommend [this video](https://www.youtube.com/watch?v=-wMU8vmfaYo) by Ben Eater. It goes a little in the weeds about how it works, but it is the fundamentals about how this all shakes down.

People have already mentioned icann, so here’s the downstream part.

When you type reddit.com, you use a Domain Name Service (DNS) that looks up that name and tells you which computer Google put their website on.

Google and cloudflare offer popular DNS services, but you can also host your own to host pages only visible inside your network. You’ll see that commonly for corporate intranet sites.

Who first created it? [Jon Postel](https://internethalloffame.org/inductees/jon-postel), [Vint Cerf](https://internethalloffame.org/inductees/vint-cerf), and their colleagues

A website domain can be thought of in 3 parts. So “[www.reddit.com](https://www.reddit.com)”, to understand ownership you read it backwards. The “first” level is “.com” which is the “top level domain” or “TLD” there are 2 types of TLD, “general” (meaning anyone can pay to register) and “sponsored” meaning you have to be qualified. Examples of sponsored TLD are “.edu” and “.gov”, so you can’t register a “.gov” domain unless you are a US government entity.

Each TLD is owned/controlled by a some organization, whether it’s a company, government, or non-profit. ICANN was mentioned in other answers, and they decide what TLDs exist, and who owns/operates them. These organizations themselves decide whether it’s a global or sponsored domain, for example “.ca” is for Canada, and only Canadian citizens or businesses can register because that’s what the “Canadian Internet Registration Authority” says. On the other hand “.ly” is owned by Libya (not sure the name of the org), however they allow anyone to register, which is why you have domains like “[bit.ly](https://bit.ly)” for url shortening. The “.com” domain is controlled by Verisign

Okay, so that covers the TLD or “.com” part of “[www.reddit.com](https://www.reddit.com)”

Now we get into domains you can buy (or technically “rent” would be more accurate, since you pay annually to keep it). The domain purchased by Reddit would be “[reddit.com](https://reddit.com)”. They can make up whatever subdomain they want. “www” is a typical one, but they can also make up “[haha-i-am-awesome.reddit.com](https://haha-i-am-awesome.reddit.com)” or anything else that uses valid characters. No subdomain is also valid, so they don’t have to have a “www” or anything at all in front. For the main domain and each subdomain they can point to a different (or the same) server.

That’s about ownership, now you also asked about the directory of urls, which is easier to understand with the above knowledge.

Looking up a domain actually happens at multiple layers.

The first is actually your own computer. On your computer is a file that can add your own domain lookups to. I could make “[www.reddit.com](https://www.reddit.com)” point to my own website or anywhere else. Since it’s on my own computer, only I would be able to see that.

Next is your DNS lookup provider. Normally this is provided by your ISP for home users. If you are on a computer owned by your company or you are connected to a VPN, it could be set up to use your company’s internal DNS server. This is how you can have intranets, or websites that only employees can visit. They don’t exist on the outside. (There’s more details here I’m omitting because this is already getting super long)

So the DNS provider will say something like:

“Hey ICANN, how do I get to ‘www.reddit.com’?”
“Go ask Verisign, here’s their phone number (name server) for these questions”
“hey Verisign, how do I get to ‘www.reddit.com’?”
“That’s currently owned by Reddit, go ask them. This is the number (name server) they gave us for contacting them”
“Hey Reddit, how do I get to ‘www.reddit.com’?”
“Go to this [IP] address, here are the directions”

From that point on your domain has arrived it’s address. There may still be more steps involved (maybe you get to that address, and they tell you to go to a different address) but as far as domain goes, you’ve arrived at the right place.

You also asked how they verify they own the domain. We saw how we get there, but we also see how someone in the middle (like a company network, or even connecting to an unknown WiFi) can intercept your request and give you different directions instead of asking the proper people. This is where HTTPS comes into play. When you go to an HTTPS site, you are also asking them to send you proof that they are who they say they are in the form of an SSL certificate. The certificate is “signed” by a trusted authority. Can have a parent certificate, that it is signed using another certificate, which can in turn by signed by another, etc. Your computer operating system comes with a list of trusted “root” certificates, one of which is Verisign. It’s a case of I trust A and A vouches for B, who vouches for C, and so on. It’s a chain of trust. And as long as all the signatures match, I can trust that you are who you say you are.

The main term to understand for this is Top Level Domain (TLD). This is the last part of a hostname, after the last period. So ‘.com’ ‘.net’ ‘.fr’ are all examples.

Each TLD has a master registry that is owned by a single entity. The ‘.com’ registry is owned by VeriSign, while the ‘.fr’ registry is owned by France. These owners decide the requirements of registering a new name under their TLD.

So as long as a company like GoDaddy meets the ‘.com’ owners requirements, they can sell you website names that end with ‘.com’.

Part of registering a hostname is providing an IP Address, which is what computers use to do networking. The mapping between your hostname and IP Address is added to a Domain Name Server (DNS). There are tons of DNS, so this new mapping will propogate to all of them over time. But the TLD owner’s DNS can always be used to make sure some other DNS has the correct info.

In the end:

* The registry of who owns each TLD is managed by ICANN. (Except maybe the country ones)
* Each TLD owner decides how new names get added to their registry.
* Computers ask a DNS to look up the IP Address for your hostname.

As an aside, I want to say DNS server, but it’s another ATM machine situation.

The domain names work like an old-fashioned phone book. You pay to get a phone number (IP address), and pay to get your company’s name in the yellow pages (domain name registry). Everyone uses the same yellow pages (domain name system) to look up phone numbers (IP addresses by name). You could call the phone company (ICANN) and claim to be a different company and change the phone number (what the domain name points to), but the phone company (ICANN) is going to ask you to verify that you are who you say you are (at the very least, force you to login to you an existing account at the registrar website).

That said, the names are registered for a certain time and need to be renewed. If Disney simply doesn’t bother to renew “moana.com” (or whatever), then someone else is free to use it.